Experts estimate that three per cent of all spam emails carry some form of malware.
One of the most common forms of malware happens to be phishing, where hackers create an email that appears to originate from a trusted source (from banks to online shopping sites).
After clicking a link in the email, the victim is redirected to a clone of the service's website and asked for credentials and other personal information.
What can you do to reduce the phishing threat?
Step 1: Get rid of spam
If you want to greatly reduce the number of hooks, you will need to address the spam problem. Phishing is an evil byproduct of spam, and is just one of the many spam scams we encounter daily.
The real problem is the sheer volume of spam, and the fact that so much of it is evil. The Microsoft Security Intelligence Report spelled out the dangers.
“More than 75 percent of the e-mail messages sent over the Internet are unwanted,” the report states.
“Not only does all this unwanted e-mail tax recipients’ inboxes and the resources of email providers, but it also creates an environment in which e-mailed malware attacks and phishing attempts can proliferate.”
Get rid of spam, and your phishing days are over. The most sure-fire way of preventing phishing attacks on your users is to never serve them the threat in the first place – and that means stopping spam before it enters your network.
Filtering at the gateway is where you want to start.
Step 2: Train yourself
With anti-spam measures in place, you can now move on to the next task: training! Here at GFI we always sing the praises of staff cybersecurity awareness because there is no patch for social engineering.
IT admins need to understand the importance of user training and how many dollars it can save.
Notorious hacker Kevin Mitnick, who instead of doing damage teaches individuals how to avoid hackers through his security training company, has proved the worth of anti-phishing training.
His company studied 372 organisations, which together have nearly 300,000 endpoints. Phishing attacks were too often successful before training, with close to 16 per cent of end users vulnerable to these schemes.